Microsoft Intune December Update Adding Mobile Management Perks

Microsoft is delivering updates to its Intune device management solution this week that promise to deliver new mobile capabilities.

The updates, announced today, come on the heels of features added in a November Microsoft Intune update. Intune subscribers can expect to get the new December update between December 9 and December 12. Specific timelines, based on Microsoft's service regions, are listed at this status page.

The December update to Intune will let organizations manage Office mobile apps for iOS devices, including the ability to set restrictions on copy and paste actions to protect company information. Line-of-business apps can be protected via the Intune App Wrapping Tool for iOS. iOS-based devices can be bulk enrolled via Apple Configurator, and it's also possible to import Apple Configurator configuration files into Intune to customize iOS policies.

On the Android side, Microsoft supports a so-called "managed browser app for Android devices." With the managed browser app in place, access to specific Web sites can be permitted or denied by organizations. However, based on Microsoft's announcement, this app hasn't yet been cleared through the Google store vetting process. The December update does support secure content access using Android apps such as "PDF Viewer, AV Player, and Image View," according to the announcement. Office mobile apps for Android devices are "coming soon," Microsoft promised, although no specifics were provided.

Microsoft didn't add much about its support for the Windows Phone 8.1 platform, except that the December update brings the ability to set device lockdown policies using Open Mobile Alliance-Uniform Resource Identifier (OMA-URI) strings. Microsoft explained last month that the use of OMA-URI strings is a way to "directly configure nodes available on a mobile device" when using Intune without having the graphical user interface of System Center Configuration Manager.

The December update also permits organizations to restrict access to their Exchange Online e-mails based on "device enrollment and compliance policies."

The December improvements only apply to the so-called "standalone" Microsoft Intune solution.

Microsoft has two solutions for managing PCs -- Intune and System Center Configuration Manager -- but Intune is its flagship product, going forward, for mobile device management. It's possible for System Center Configuration Manager to integrate with Intune, providing a "single pane of glass" view for managing PCs and mobile devices. However, the December Intune improvements don't yet apply to such an integrated Intune-SCCM solution. Microsoft's announcement provided no indication about when such integrated support would be available.

The December Intune update completes Microsoft's mobile device management promises for this calendar year, according to Brad Anderson, Microsoft's corporate vice president for enterprise client and mobility, in a blog post.

He said that Microsoft is "rolling out containers" for iOS and Android mobile platforms that "enable you to separate corporate data and apps from consumer apps." This container technology also lets organizations block the sharing of application data.

Anderson described the container technology as enabling Office apps to be "deeply" managed on the iOS and Android platforms. So-called "managed apps" permit organizations to have the ability to separately manage a mobile device's corporate data from personal data using Intune, he also explained.

The managed apps scenario also applies to Microsoft Office mobile apps. Anderson suggested that Microsoft has some proprietary hooks in them. He said that "the only way that you can deeply manage the Office mobile apps is through Intune," although he didn't explain why that would be so.

Microsoft updated an August security advisory this week to urge organizations using the Lightweight Directory Access Protocol in supported Windows systems to implement some configuration changes manually.